# -*- coding:utf-8 -*-
#!/usr/bin/python
import re 
from splinter import Browser
from xss_cases import xss_sheet_cheat
from urlparse import urlparse,urlunparse
from urllib import urlencode
from common import *

class XSS_Attack(Basis):
    
    def __init__(self,browser,url):
        super(XSS_Attack,self).__init__(browser,url)
        self.detect_vectors={
                        "ascript":'.*?<script.*?>(.*?)alert(.*?);?<\/script>',
                        "bimg":'.*?<img.*?alert(.*?).*?>',
                        'ciframe':'.*?<iframe.*alert(.*?).*?>',
                        'dattr-style':'<.*?style=".*?alert(.*?)".*?>',
                        'emarquee':'.*?<marquee><h1>XSS</h1><\/marquee>',
                        'fevent':'.*?on.*?=.*?alert(.*?).*?>',
                        "gmeta":".*?<META HTTP-EQUIV='refresh' CONTENT='0;url=.*?javascript:alert(.*?);'>",
        }
    
    def DetectUrlParams(self):
        origin,totest=super(XSS_Attack,self).parseQuery("xss")
        u=urlparse(self.url)
        xss_url=[]
        if len(totest)>0:
            for get_key in totest.keys():
                  temp=origin[get_key]
                  signal=0
                  for (key,val) in self.detect_vectors.items():
                        for case in xss_sheet_cheat[key[1:]]:
                            origin[get_key]=case
                            query=urlencode(origin)
                            origin[get_key]=temp
                            url_test=urlunparse((u.scheme,u.netloc,u.path,u.params,query,u.fragment))
                            self.browser.visit(url_test)
                            try:
                                if re.match(r"%s" % val,self.browser.html,re.I):
                                    xss_url.append(self.browser.url)
                                    signal=1
                                    break
                            except:
                                    pass
                        if signal==1:
                            break
        return xss_url

    def prepare(self):
        self.browser.visit(self.url)
        try:
            self.input_vector=self.browser.find_by_xpath("//input[@type='text']").first
            self.submit=self.browser.find_by_xpath("//input[@type='submit']").first
            return True
        except:
            pass
        return False
    
    def DetectContent(self):
        if self.prepare():
            for (key,val) in self.detect_vectors.items():
                for case in xss_sheet_cheat[key[1:]]:
                    if self.prepare():
                        self.input_vector.fill(case)
                        self.submit.click()
                        try:
                            if re.match(r"%s" % val,self.browser.html,re.I):
                                return self.browser.url
                        except:
                            pass
        return False

    def start(self):
        res = self.DetectContent()
        if res:
            print self.url+": content exists xss vulnerability"
        res2=self.DetectUrlParams()
        if len(res2)>0:
            for xss_url in res2:
                print xss_url+": exists xss vulnerability"
                